> ## Documentation Index > Fetch the complete documentation index at: https://plivo.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Session API > Create, validate, retrieve, and list verification sessions The Session API lets you send and validate one-time passwords (OTP) for two-factor authentication (2FA) using SMS and voice channels. **API Endpoint** ``` https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/ ``` *** ## The Session Object The API creates a Session object once for each recipient within the code expiry time. A session can have multiple attempts to deliver the OTP. ### Attributes A 36-character string that uniquely identifies a session. ID of the application used to trigger the session. The destination phone number (in E.164 format). Current status. Values: `in-progress`, `verified`, `expired`. The last channel used for the session. Language translation used for the session. Details of all attempts made during a session. Details of all charges incurred during a session. UTC time when the session was created. UTC time when the session was last updated. *** ## Create a Session Send an OTP via SMS or voice. ``` POST https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/ ``` ### Arguments The phone number to send the OTP to. UUID of the Verify application. Defaults to default application. Delivery channel. Values: `sms`, `voice`. Default: `sms`. URL for status callbacks. HTTP method for callbacks. Values: `GET`, `POST`. Default: `POST`. Language code (e.g., `en_US`, `es`, `fr_FR`). Default: `en`. Brand name to replace `${brand_name}` in templates. Android app hash for SMS Retriever API integration. OTP length (4-8). Overrides application default. ### Example ```python Python theme={null} import plivo client = plivo.RestClient('', '') response = client.verify_session.create( recipient='', app_uuid='', channel='sms', url='https://your-domain.com/callback', method='POST' ) print(response) ``` ```javascript Node.js theme={null} const plivo = require('plivo'); const client = new plivo.Client('', ''); client.verify_session.create({ recipient: '', app_uuid: '', channel: 'sms', url: 'https://your-domain.com/callback', method: 'POST' }).then(response => { console.log(response); }); ``` ```ruby Ruby theme={null} require 'plivo' client = Plivo::RestClient.new('', '') response = client.verify_session.create( recipient: '', app_uuid: '', channel: 'sms', url: 'https://your-domain.com/callback', method: 'POST' ) puts response ``` ```php PHP theme={null} ', ''); $response = $client->verifySessions->create( '', [ 'app_uuid' => '', 'channel' => 'sms', 'url' => 'https://your-domain.com/callback', 'method' => 'POST' ] ); print_r($response); ``` ```java Java theme={null} import com.plivo.api.Plivo; import com.plivo.api.models.verify_session.VerifySession; import com.plivo.api.models.verify_session.SessionCreateResponse; Plivo.init("", ""); SessionCreateResponse response = VerifySession.creator( "", "", "sms", "https://your-domain.com/callback", "POST" ).create(); System.out.println(response); ``` ```csharp .NET theme={null} using Plivo; var api = new PlivoApi("", ""); var response = api.VerifySession.Create( recipient: "", app_uuid: "", channel: "sms", url: "https://your-domain.com/callback", method: "POST" ); Console.WriteLine(response); ``` ```go Go theme={null} package main import ( "fmt" "github.com/plivo/plivo-go/v7" ) func main() { client, _ := plivo.NewClient("", "", &plivo.ClientOptions{}) response, _ := client.VerifySession.Create(plivo.SessionCreateParams{ Recipient: "", AppUUID: "", Channel: "sms", URL: "https://your-domain.com/callback", Method: "POST", }) fmt.Println(response) } ``` ```bash cURL theme={null} curl -X POST "https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/" \ -u "{auth_id}:{auth_token}" \ -H "Content-Type: application/json" \ -d '{ "recipient": "", "app_uuid": "", "channel": "sms", "url": "https://your-domain.com/callback", "method": "POST" }' ``` ### Response ```json theme={null} { "api_id": "3335cb16-d297-4e00-a5e6-66d2bb03b323", "message": "Session initiated", "session_uuid": "8e712097-8090-4644-81e7-8f4265d8354e" } ``` *** ## Validate a Session Validate the OTP entered by the user. ``` POST https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/{session_uuid}/ ``` ### Arguments The OTP to validate. You can attempt no more than 10 validations per session to prevent brute-force attacks. ### Example ```python Python theme={null} import plivo client = plivo.RestClient('', '') response = client.verify_session.validate( session_uuid='', otp='' ) print(response) ``` ```javascript Node.js theme={null} const plivo = require('plivo'); const client = new plivo.Client('', ''); client.verify_session.validate({ id: '', otp: '' }).then(response => { console.log(response); }); ``` ```ruby Ruby theme={null} require 'plivo' client = Plivo::RestClient.new('', '') response = client.verify_session.validate('', '') puts response ``` ```php PHP theme={null} ', ''); $response = $client->verifySessions->validate('', ''); print_r($response); ``` ```java Java theme={null} import com.plivo.api.Plivo; import com.plivo.api.models.verify_session.VerifySession; Plivo.init("", ""); SessionCreateResponse response = VerifySession.validation( "", "" ).create(); System.out.println(response); ``` ```csharp .NET theme={null} using Plivo; var api = new PlivoApi("", ""); var response = api.VerifySession.Validate( session_uuid: "", otp: "" ); Console.WriteLine(response); ``` ```go Go theme={null} package main import ( "fmt" "github.com/plivo/plivo-go/v7" ) func main() { client, _ := plivo.NewClient("", "", &plivo.ClientOptions{}) response, _ := client.VerifySession.Validate( plivo.SessionValidationParams{OTP: ""}, "", ) fmt.Println(response) } ``` ```bash cURL theme={null} curl -X POST "https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/{session_uuid}/" \ -u "{auth_id}:{auth_token}" \ -H "Content-Type: application/json" \ -d '{"otp": ""}' ``` ### Response ```json theme={null} { "api_id": "e7af31b5-a7cb-40d6-a3ab-122fdcc9f0fe", "message": "session validated successfully." } ``` *** ## Retrieve a Session Get details of a specific session. ``` GET https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/{session_uuid}/ ``` ### Example ```python Python theme={null} import plivo client = plivo.RestClient('', '') response = client.verify_session.get('') print(response) ``` ```javascript Node.js theme={null} const plivo = require('plivo'); const client = new plivo.Client('', ''); client.verify_session.get('').then(response => { console.log(response); }); ``` ```ruby Ruby theme={null} require 'plivo' client = Plivo::RestClient.new('', '') response = client.verify_session.get('') puts response ``` ```php PHP theme={null} ', ''); $response = $client->verifySessions->get(''); print_r($response); ``` ```java Java theme={null} import com.plivo.api.Plivo; import com.plivo.api.models.verify_session.VerifySession; Plivo.init("", ""); VerifySession response = VerifySession.getter("").get(); System.out.println(response); ``` ```csharp .NET theme={null} using Plivo; var api = new PlivoApi("", ""); var response = api.VerifySession.Get(""); Console.WriteLine(response); ``` ```go Go theme={null} package main import ( "fmt" "github.com/plivo/plivo-go/v7" ) func main() { client, _ := plivo.NewClient("", "", &plivo.ClientOptions{}) response, _ := client.VerifySession.Get("") fmt.Println(response) } ``` ```bash cURL theme={null} curl "https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/{session_uuid}/" \ -u "{auth_id}:{auth_token}" ``` ### Response ```json theme={null} { "api_id": "abf7fc2b-fac5-471c-9592-74ed6834b5e6", "session_uuid": "60ea68db-b123-46d9-9eb2-1201d516dbbd", "app_uuid": "ec66515e-86f6-4507-8620-31c039538d7a", "recipient": "919380013443", "channel": "voice", "status": "Expired", "count": 3, "attempt_details": [ { "channel": "voice", "attempt_uuid": "90cc6cde-db80-4d14-9716-3aaa2b403377", "status": "answer", "time": "2023-06-01T08:52:39.363253Z" }, { "channel": "sms", "attempt_uuid": "acbffc94-283b-42b3-8a96-65cbc18a9624", "status": "delivered", "time": "2023-06-01T08:52:59.484375Z" } ], "charges": { "total_charge": "0.113", "validation_charge": "0.0000", "attempt_charges": [ { "attempt_uuid": "90cc6cde-db80-4d14-9716-3aaa2b403377", "channel": "voice", "charge": "0.03300" }, { "attempt_uuid": "acbffc94-283b-42b3-8a96-65cbc18a9624", "channel": "sms", "charge": "0.08000" } ] }, "created_at": "2023-06-01T08:52:39.363253Z", "updated_at": "2023-06-01T08:53:25.577153Z" } ``` *** ## List All Sessions Retrieve a list of sessions based on filter criteria over the last 90 days. ``` GET https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/ ``` The default rate limit is 20 requests per minute. Exceeding this limit returns "too many requests" error. ### Query Parameters Filter by application UUID. Filter by status. Values: `in-progress`, `verified`, `expired`. Filter by destination number (E.164 format). Filter by subaccount. Results per page. Max: 20. Default: 20. Number of results to skip. Default: 0. Filter by session initiation time. Format: `YYYY-MM-DD HH:MM`. Supports variants: `session_time__gt`, `session_time__gte`, `session_time__lt`, `session_time__lte`. Filter by brand name. Filter by app hash. ### Example ```python Python theme={null} import plivo client = plivo.RestClient('', '') response = client.verify_session.list(limit=10, offset=0) print(response) ``` ```javascript Node.js theme={null} const plivo = require('plivo'); const client = new plivo.Client('', ''); client.verify_session.list().then(response => { console.log(response); }); ``` ```ruby Ruby theme={null} require 'plivo' client = Plivo::RestClient.new('', '') response = client.verify_session.list(limit: 10, offset: 0) puts response ``` ```php PHP theme={null} ', ''); $response = $client->verifySessions->list(['limit' => 10, 'offset' => 0]); print_r($response); ``` ```java Java theme={null} import com.plivo.api.Plivo; import com.plivo.api.models.verify_session.VerifySession; Plivo.init("", ""); ListResponse response = VerifySession.lister() .limit(10) .offset(0) .list(); System.out.println(response); ``` ```csharp .NET theme={null} using Plivo; var api = new PlivoApi("", ""); var response = api.VerifySession.List(limit: 10, offset: 0); Console.WriteLine(response); ``` ```go Go theme={null} package main import ( "fmt" "github.com/plivo/plivo-go/v7" ) func main() { client, _ := plivo.NewClient("", "", &plivo.ClientOptions{}) response, _ := client.VerifySession.List(plivo.SessionListParams{ Limit: 10, Offset: 0, }) fmt.Println(response) } ``` ```bash cURL theme={null} curl "https://api.plivo.com/v1/Account/{auth_id}/Verify/Session/?limit=10&offset=0" \ -u "{auth_id}:{auth_token}" ``` ### Response ```json theme={null} { "api_id": "3a7a0d6d-1b85-4593-921c-373e673a5799", "meta": { "limit": 20, "offset": 0, "next": null, "previous": null }, "sessions": [ { "session_uuid": "51e965f3-65a5-4ca0-9542-57154118a991", "app_uuid": "59728519-d145-45d6-8d46-60c06f7e8bbb", "recipient": "918681951370", "channel": "sms", "status": "expired", "count": 1, "attempt_details": [...], "charges": {...}, "created_at": "2023-06-01T10:40:05.804031Z", "updated_at": "2023-06-01T10:40:05.804031Z" } ] } ``` *** ## Status Callbacks Set up a server endpoint to receive real-time status updates for your verification sessions. Specify the callback URL when creating a session. ### Callback Attributes Unique session identifier. Session status. Values: `in-progress`, `expired`. Unique identifier for the SMS/call attempt. Sequence number of the attempt. Channel used. Values: `sms`, `voice`. Attempt status. SMS: `queued`, `sent`, `delivered`, `failed`, `undelivered`. Voice: `in-progress`, `completed`, `ringing`. Error code from the channel. Destination phone number. UTC time when the attempt was created. ### Callback Behavior Plivo automatically retries webhooks three times if HTTP 200 is not returned: * First retry: 60 seconds after original attempt * Second retry: 120 seconds after first retry * Third retry: 240 seconds after second retry *** ## Related * [Overview](/programmable-api/verify/overview) - Quick start guide and concepts